/**
 * 
 */
package com.ekingstar.framework.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jasig.cas.client.util.CommonUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.AuthenticationEntryPoint;
import org.springframework.security.ui.cas.ServiceProperties;
import org.springframework.util.Assert;

/**
 * @author 
 *
 */
public class MyCasEntryPoint implements AuthenticationEntryPoint, InitializingBean{

    //~ Instance fields ================================================================================================

    private ServiceProperties serviceProperties;
    private String loginUrl;

    /**
     * Determines whether the Service URL should include the session id for the specific user.  As of CAS 3.0.5, the
     * session id will automatically be stripped.  However, older versions of CAS (i.e. CAS 2), do not automatically
     * strip the session identifier (this is a bug on the part of the older server implementations), so an option to
     * disable the session encoding is provided for backwards compatibility.
     *
     * By default, encoding is enabled.
     */
    private boolean encodeServiceUrlWithSessionId = true;

    //~ Methods ========================================================================================================

	public void afterPropertiesSet() throws Exception {
        Assert.hasLength(this.loginUrl, "loginUrl must be specified");
        Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
    }

    public void commence(final ServletRequest servletRequest, final ServletResponse servletResponse,
    		final AuthenticationException authenticationException) throws IOException, ServletException {

        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        final String urlEncodedService = CommonUtils.constructServiceUrl(null, response, this.serviceProperties.getService(), null, "ticket", this.encodeServiceUrlWithSessionId);
        final String redirectUrl = CommonUtils.constructRedirectUrl(this.loginUrl, "service", urlEncodedService, this.serviceProperties.isSendRenew(), true);
        HttpServletRequest request = (HttpServletRequest)servletRequest;
        request.getSession().setAttribute("step", "precheck");
        response.sendRedirect(redirectUrl);
    }

    /**
     * The enterprise-wide CAS login URL. Usually something like
     * <code>https://www.mycompany.com/cas/login</code>.
     *
     * @return the enterprise-wide CAS login URL
     */
    public String getLoginUrl() {
        return this.loginUrl;
    }

    public ServiceProperties getServiceProperties() {
        return this.serviceProperties;
    }

    public void setLoginUrl(final String loginUrl) {
        this.loginUrl = loginUrl;
    }

    public void setServiceProperties(final ServiceProperties serviceProperties) {
        this.serviceProperties = serviceProperties;
    }

    public void setEncodeServiceUrlWithSessionId(final boolean encodeServiceUrlWithSessionId) {
    	this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
    }


}
